The Nemty Ransomware has showed plans to create a blog that will be used to publish stolen data for ransomware victims who won’t to pay the ransom.
These tactics have alreadywill been employed buy Maze and now Sodinokibi.
They act by stealing files from companies before encrypting them. If a victim refuses to pay the ransom, then the stolen data will be leaked bit-by-bit until payment has been made.
Nemty are going to create leaked data site
The idea behind this malicious tactic is that companies may be more prone to pay a ransom if it costs less than the data breach costs, loss of trade and business secrets, brand image damage, and potential lawsuits for the disclosing of personal data.They are going to create a website to share this ‘news’. Currently there is a Nemty Ransomware affiliate panel, the ransomware developers have a news feed where they post their plans, bug fixes, and upcoming changes coming to their ransomware-as-a-service.
Also see: 10 Steps to Better Ransomware Protection
Nemty is already configured for network attacks with a builder mode that is used to create executables that target an entire network rather than individual computers.
In this mode, the created ransomware executables are "only for corporations". This means there will be one key used to decrypt all the devices in the network and victims will not be able to decrypt individual machines.
With this functionality in place, developing the RaaS to incorporate data exfiltration and further extortion tactics doesn’t seem like a tedious job.
This type of ransomware attack is a new method and it’s certainly pretty brazen. The devastation it may cause is unknown, but you can be sure to see more of this type of attack in the near future.
Unfortunately it’s not just the corporate data at risk but personal information too.
When cyberandtech.com find out more information about this new ransomware method and we will let you know in our future articles.